During the last couple of years, I’ve spent a lot of time battling spam 0n my domains and my clients’ domains. But I’ve just now had my first encounter with the “digital pot” calling the “digital kettle” black.One of the first places to batten down on email security is to enable SMTP (secure mail transfer protocol) on each email address that you really want to secure. It’s like a form of digital handshaking that lets each other know that the other one is OK. I have my emails run through several layers of spam protection before I actually receive them. One of the tools I use on my server is “BoxTrapper” which does several things to verify an email is legitimate or not. one of the things I have it set to verify is that the sender has SMTP Authentication enabled.
Recently I’ve noticed that one of my financial institutions has invested a lot of effort in stepping up their security measures by implementing new login procedures to manage my account. Apparently one of the new procedures is to force you to create a new password ever so often. A few days after I changed my password the first time, I was going through my BoxTrapper queue and I noticed a “password change verification” email from them stuck there. You guessed it- “flagged for SMTP Authentication not enabled.
This is the same institution where I logged onto my account a while back and it asked me a “User Defined” security question that I did not know before proceeding. The question was “What was your childhood phone number”. I called them to advise- Number one: That was not one of the security questions that I pre-defined and Number two: Even if it was, there were not enough spaces in the field to write “3 short cranks and 1 long one”. The very young voice on the other end was having a difficult time with the childhood phone number thing. :-)